Christian Purnomo wrote:

> : Are your queues filled with bounce messages because you are accepting
> : mail to unknown recipients?  Are you rejecting unknown recipients at the
> : first postfix instance?
> 
> Hi MrC
> 
> Yes, more than 50% of the emails in the queue are non-delivery type
> email.  This mail server is one of our mail gateways, whose primary job is
> to relay email to our Exchange server; hence the server simply receives
> all the incoming emails and relays them through to our internal Exchange
> server.

Solve the problem by exporting a list of valid recipients, and importing
it into the gateway postfix.  Not having recipient validation today is
asking for the trouble you face now.

> 
> Our postfix has the following configuration:
> 
> smtpd_recipient_restrictions =

>         permit_mynetworks,
>         reject_unknown_recipient_domain,
>         check_recipient_access hash:/etc/postfix/recipient_access,
>         reject_unauth_destination,
>         permit_auth_destination
> 

Move reject_unauth_pipelining to smtpd_data_restrictions; it serves no
purpose in smtpd_recipient_restrictions.

There are some additional cheap checks you can perform too.  Consider these:

    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unlisted_recipient

and possibly:

    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    check_helo_access pcre:/etc/postfix/helo_checks.pcre
    reject_invalid_helo_hostname

and finally, zen is very useful:

    reject_rbl_client zen.spamhaus.org

Here are some stats showing reject effectiveness in my current settings
(note, these will change as restrictions are added/removed/moved).  As
you can see, rejecting bad HELOs, unknown users, and RBL(zen) catches 90%:

     179   5xx Reject relay denied                    0.93%
    6889   5xx Reject HELO/EHLO                      35.85%
    3605   5xx Reject unknown user                   18.76%
     123   5xx Reject recipient address               0.64%
      57   5xx Reject sender address                  0.30%
      24   5xx Reject client host                     0.12%
    1076   5xx Reject unverified client host          5.60%
    7133   5xx Reject RBL                            37.12%
      77   5xx Reject header                          0.40%
      51   5xx Reject body                            0.27%
       1   5xx Reject VRFY                            0.01%
--------   ------------------------------------------------
   19215   Total 5xx Rejects                        100.00%
========   ================================================
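
Added example, not part of the original message: one way to turn an exported list of Exchange addresses into a recipient table the gateway can use to reject unknown users at RCPT time. The export format (one Active Directory proxyAddresses value per line), the domain example.com and the path /etc/postfix/relay_recipients are assumptions; relay_recipient_maps and postmap are standard Postfix.

```python
"""Build a Postfix relay_recipient_maps source file from exported Exchange addresses."""
import re
import sys

# Constructed sample of a proxyAddresses export, one value per line (assumed format).
SAMPLE_EXPORT = """\
SMTP:Alice.Smith@example.com
smtp:asmith@example.com
X400:c=US;a= ;p=Example;o=Exchange;s=Smith;g=Alice;
smtp:alice@corp.example.local
SMTP:bob@example.com
smtp:BOB@example.com
smtp:bad address@example.com
sip:bob@example.com
"""

# Conservative check: one "@", no whitespace or separators, dotted domain.
ADDR_RE = re.compile(r"^[^\s@<>()\[\],;:\\]+@([a-z0-9-]+\.)+[a-z0-9-]+$")


def build_relay_recipients(export_text, relay_domains):
    """Return sorted 'address OK' lines for addresses in the relayed domains."""
    domains = {d.lower() for d in relay_domains}
    seen = set()
    for raw in export_text.splitlines():
        prefix, sep, addr = raw.strip().partition(":")
        if not sep or prefix.lower() != "smtp":
            continue  # skip X400, SIP and other non-SMTP proxy types
        addr = addr.strip().lower()  # Postfix folds lookup keys to lowercase
        if not ADDR_RE.match(addr):
            continue  # malformed entry; never write it into the map
        if addr.rsplit("@", 1)[1] in domains:
            seen.add(addr)  # the set removes primary/alias duplicates
    return [f"{addr} OK" for addr in sorted(seen)]


if __name__ == "__main__":
    text = SAMPLE_EXPORT if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(build_relay_recipients(text, ["example.com"])))
    # Then, on the gateway (file path is an assumption):
    #   postmap /etc/postfix/relay_recipients
    #   main.cf: relay_recipient_maps = hash:/etc/postfix/relay_recipients
```

With the table in place, reject_unlisted_recipient has something to check against, so mail for addresses Exchange does not know is refused during the SMTP session instead of being queued and bounced later.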








_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
